Obama Outlines 5 Surveillance Reforms

NSA's controversial bulk collection of phone records will end, but businesses may be asked to retain data in case the government needs it.

Internet of Things: 8 Cost-Cutting Ideas for Government

(Click image for larger view and slideshow.)

President Obama on Friday announced five changes in US surveillance policy, a move he attributed in part to the revelations about the scope of US intelligence gathering made possible by documents leaked by ex-NSA contractor Edward Snowden.

The most significant change is an end to the bulk collection of telephone records -- phonecall meta-data -- under Section 215. The President said he is ordering the gradual discontinuation of this program and the establishment of "a mechanism that preserves the capabilities we need without the government holding this bulk meta-data."

But the President conceded that alternatives, such as having a third-party or individual businesses retain data until the government comes calling, pose problems. It remains to be seen exactly what form such data collection will take.

Some critics of US surveillance policy applauded the change. Senators Ron Wyden (D-OR), Mark Udall (D-CO), and Martin Heinrich (D-NM), who serve on the US Senate Select Committee on Intelligence, issued a joint statement calling the decision "a major milestone in our longstanding efforts to reform the National Security Agency’s bulk collection program."

At the same time, they and others asserted that more needs to be done. The senators said they plan to try to ensure that the government does not read Americans' email messages or other communications without a warrant.

Alex Fowler, head of privacy and public policy at Mozilla, in a blog post expressed disappointment that the President failed: to endorse legislative surveillance reform proposals, like the USA FREEDOM Act; to reconsider the encouragement, promotion, and support for technological backdoors; to end efforts to undermine the encryption standards that protect everyone online; to protect the privacy rights of foreign citizens with no connection to adversarial activity.

The other changes announced by the President were as follows:

The President has approved a new set of rules covering intelligence gathering, both at home and abroad. The directive, he said, "will ensure that we take into account our security requirements, but also our alliances; our trade and investment relationships, including the concerns of America’s companies; and our commitment to privacy and basic liberties."

The President promised greater transparency in US surveillance activities. This will come from an annual review of secret Foreign Intelligence Surveillance Court (FISC) orders, during which the Director of National Intelligence and the Attorney General will consider possible declassification. The President also directed Congress to appoint an independent panel to advocate for transparency in "significant cases" before the FISC.

The government's activities under Section 702, which permits the interception of communications between foreign targets abroad who have information that affects national security, will be subject to "additional restrictions on government’s ability to retain, search, and use in criminal cases, communications between Americans and foreign citizens incidentally collected under Section 702."

Finally, National Security Letters, which may come with a gag order that prohibits the recipient from disclosing their receipt, will no longer remain in effect indefinitely, provided the government does not make the case for the ongoing need for secrecy.

In addition, communications providers that have received NSLs will be allowed to disclose more information -- presumably aggregate numbers of NSLs received -- about government orders they've received.

Eight tech companies -- Google, Apple, Facebook, Twitter, AOL, Microsoft, LinkedIn, and Yahoo -- last year urged the government for surveillance policy changes, such as the right to report statistical data about demands for information.

Thomas Claburn is editor-at-large for InformationWeek. He has been writing about business and technology since 1996 for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. He's the author of a science fiction novel, Reflecting Fires, and his mobile game Blocfall Free is available for iOS, Android, and Kindle Fire.

InformationWeek Conference is an exclusive two-day event taking place at Interop where you will join fellow technology leaders and CIOs for a packed schedule with learning, information sharing, professional networking, and celebration. Come learn from each other and honor the nation's leading digital businesses at our InformationWeek Elite 100 Awards Ceremony and Gala. You can find out more information and register here. In Las Vegas, March 31 to April 1, 2014.

There's still a curious absence of attention on the other surveillance giant at work in the market: Private industries that routinely track more information about consumers than the NSA does. Consumers still have little control over how their information is collected, used,and shared with third parties for marketing purposes. While the government has overstepped its bounds in collecting phone and other metadata, private industry continues to collect our spending data, our whereabouts, and countless other pieces of personal digital data. Let's get that into the debate.

While I'm glad to see Obama offering some privacy protection to those overseas, it's not like added rights have helped Americans steer clear of the NSA filtering. He also seems to think that the problem was what the NSA was using the data for, rather than that it was being collected in the first place, which is obviously not the case.

Interesting idea that might or might not work, I am not sure. Won't all this make it more expensive to do the same things? Since in a way specialization would be finished and a handful of agencies will have to take care of everything under the sky.

Exactly, and the trade-off between keeping businesses safe (not causing them loses) vs. keeping people safe is becoming harder day by day because of the pace at which technology is moving. The good news is that now everyone is looking at this issue and I guess this attention will bring about a framework that has real value.

So the word is to do a wee bit less of the insane spying and data collection while still have this artifical FISC rubber stamp everything. Who thought Obama is worse than Bush!?

The only way to end this mess is to

- repeal the Patriot Acts

- defund NSA and other agencies that are not FBI or CIA

- centralize national security under the FBI

- centralize foreign intelligence including that of the military under the CIA

- dissolve the FISC and have the FBI and CIA seek search warrants from courts with judges that were elected by the public in free and democratic elections. Only the records obtained through a warrant are allowed to be stored by the FBI or CIA.

- have an annual review of all programs and determine actual results, programs that do not deliver any results will be ended.

This will not only make national security more effective, more organized, and more focused on results, it will also keep any self-serving three letter agencies out of the mix. On top of that, it will save billions of dollars that are now wasted on folks playing WoW or dysfunctional data centers. And the best, this will make the US a much safer place than it currently is!

The President will no doubt be accused of punting on the decision regarding the bulk collection of American's phone records. What was interesting to see is a US president laying out a set of principles on intelligence gathering in a public document that would have been unimaginable a few years ago -- or at least before the Edward Snowden revelations. I also believe that the men and women at NSA who live every day worrying whether they've done enough to avoid another 9/11 got what amounted to a pretty strong endorsement from their commander in chief.

The 2014 InformationWeek Government IT Priorities Survey shows federal IT pros care about security - itís rated as very important by 69% of respondents, 30 percentage points ahead of the No. 2 priority, disaster recovery. Will the upcoming NIST cyber-security framework help manage risk?